2 matches found
CVE-2025-52463
Active! mail CVE-2025-52463 is a cross-site request forgery in versions up to 6.60.06008562. Exploitation could cause unintended emails to be sent when a logged-in user visits a crafted URL. Root cause: CSRF without adequate request validation. Mitigation: update to Active! mail 6.61.01008654 as ...
Moodle authorization headers preserved between "emulated redirects"
A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs...